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Description 

FRAUD DETECTION IN A POSTAGE 

SYSTEM 

Cross Reference to Related Applications 

[0001] This application claims priority under 35 U.S.C. section 
119(e) from Provisional Patent Application Serial Number 
60/481,401, filed September 19, 2003, entitled System 
And Method For Preventing Duplicate Printing In A Web 
Browser (Attorney Docket Number F-684), which is incor- 
porated herein by reference in its entirety. This applica- 
tion claims priority under 35 U.S.C. section 119(e) from 
Provisional Patent Application Serial Number 60/481,402, 
filed September 19, 2003, entitled Fraud Detection for 
Postage Systems (Attorney Docket Number F-730), which 

is incorporated herein by reference in its entirety. 
Background of Invention 

[0002] The illustrative embodiments described in the present ap- 
plication are useful in systems including those for provid- 
ing funds accounting and evidencing and more particu- 



larly are useful in systems including those for providing 
for accounting of postage and evidence of postage. 

[0003] Funds accounting, storing and dispensing systems are 

potential targets for fraud because they store funds. Cer- 
tain funds systems are regulated and are typically re- 
quired to exhibit some level of security capability to pre- 
vent or dissuade fraudulent activity. Such systems may 
also provide some forensic evidence to assist in tracking 
any fraud that is perpetuated. 

[0004] For example, postage meters approved by the United 

States Postal Service (USPS) must exhibit certain security 
capabilities in order to be approved for use. Many postage 
meters in the United States provide funds accounting such 
that a source of funds is debited when postage is prepaid 
before being placed into the mail stream. Additionally, 
many postage meters provide proof of the postage pay- 
ment in the form of printed indicia placed on the mail 
piece, typically on the upper right hand corner of an enve- 
lope. In a postage system that utilizes prepaid funds such 
as the USPS, a postage meter may account for funds by 
providing an ascending register to track money spent, a 
descending register to keep track of available funds and a 
piece count register to track total number of mail pieces 



franked. Certain other postal systems utilize post-paid 
postage wherein a postage meter may incorporate credit 
accounting features. 

[0005] Mailing machines including postage meters are commer- 
cially available from Pitney Bowes Inc. of Stamford, Con- 
necticut. Additionally, the CLICKSTAMP ™Online system is 
available from Pitney Bowes Inc. for printing CLICKSTAMP 
™ Internet Postage. The program is a heavy client archi- 
tecture that includes access to a virtual postage meter as- 
signed to the postage meter license of the customer. The 
program must be installed on the user computer as an 
application and is typically shipped stored on a CD-ROM. 
The customer may download the software, but such a 
download may take several minutes using a typical mo- 
dem dial-up Internet connection. 

[0006] a reference directed to Instant Online Postage is described 
in U.S. Patent No. 6,619,544 issued to Bator, et al. on 
September 16, 2003 and is incorporated herein by refer- 
ence in its entirety. 

[0007] The United States Postal Service published a draft specifi- 
cation entitled Performance Criteria for Information-Based 
Indicia and Security Architecture for Open IBI Postage Evi- 
dencing Systems (PCIBI-O), dated February 23, 2000. 



[0008] postage meters may be characterized as operating in an 
open meter manner or a closed meter manner. A typical 
closed system postage meter includes a dedicated printer 
for printing evidence of postage dispensed and accounted 
for by the meter. A typical open system meter may utilize 
a general-purpose printer. Postal funds are often stored in 
a postal security device (PSD) that may employ a secure 
accounting vault. The typical postage meter user leases a 
postage meter and registers that postage meter with the 
United States Postal Service (USPS). 

[0009] virtual postage meters such as the CLICKSTAMP ™ Online 
(CSO) system are available, and exist as accounts at a data 
center with a user having a postage meter license to use a 
corresponding virtual postage meter by remote access. A 
remote virtual postage meter account and remote crypto- 
graphic processors are utilized to produce indicia infor- 
mation that is used by the user"s local processor to print 
postage indicia. As described more fully in the incorpo- 
rated references, the CSO virtual postage meters utilize 
the Information-Based Indicia Program (IBIP) indicium that 
is a distributed trust system. The user fills the postage 
vault with funds and then dispenses the funds as postage 
by applying printed postage indicia to mail pieces that are 



then placed in the mail stream. The CSO user has a virtual 
postage meter account with a unique serial number and 
that account is associated with a postage meter license 
obtained under authority of the USPS. 

[0010] a reference directed toward reissuing digital tokens in an 
open metering system is described in U.S. Patent No. 
6,157,911, issued to Cordery, et al. on December 5, 2000 
and incorporated herein by reference. 

[0011] a reference directed toward preventing fraudulent printing 
of a postage indicia displayed on a personal computer is 
described in U.S. Patent No. 5,988,897, issued to Pierce et 
al. on November 23, 1999 and incorporated herein by ref- 
erence. The Pierce system describes determining whether 
the output device is a window or a printer and choosing 
the appropriate indicium to render based upon that deter- 
mination. Accordingly, a screen print function would print 
the sample indicium. Accordingly, a downloaded applica- 
tion could hook into the operating system printing sub- 
system so that the user would not be able to print multi- 
ple copies of an indicia. Commonly owned, co-pending 
patent application serial number 09/451,598, filed 
November 30, 1999 directed toward a method for pre- 
venting the duplicate printing of an IBIP indicium is incor- 



porated herein by reference. 

[0012] Commonly owned, co-pending patent application serial 
number 09/952,543, filed September 14, 2001 and enti- 
tled Method And System For Optimizing Refill Amount For 
Automatic Refill Of A Shared Virtual Postal Meter, is incor- 
porated herein by reference. Commonly owned, co- 
pending patent application serial number 10/012,960, 
filed November 5, 2001 and entitled Method And System 
For Secure Printing Of Indicia Via A Web Based Browser, is 
incorporated herein by reference. 

[0013] Several types of value transfer systems are used in 

postage payment systems in general and by the USPS in 
particular. For example, stamps may be purchased and 
then utilized to pay for postage. A permit system may be 
used in which a mailer established an account with the 
USPS and then uses a manifest system to account for 
postage. Additionally, a meter system may be used. A 
postage meter is loaded with an amount of postage value 
that is then dispensed by printing postage indicia on mail 
pieces. 

[0014] | n another payment model, a broker may act on behalf of 
a customer to pay the postage due to the carrier such as 
the USPS as long as the USPS is convinced that the system 



is sufficiently secure. The broker is then responsible for 
paying the postage. In such a system, the user does not 
require a postage meter license. The broker obtains a 
postage meter license for the broker data center and ob- 
tains location information from the users. The broker then 
sends the location information such as the zip code to the 
USPS with the mail piece data. The broker is then respon- 
sible for identifying a particular package sender if re- 
quired by the USPS. 
Summary of Invention 

[0015] The present application describes systems and methods 
for detecting fraud in a postage system. In one embodi- 
ment, a postage dispensing system comprises a web 
browser that receives an HTML page having at least one 
visible frame and at least one hidden frame. The visible 
frame contains a sample postage label and two print but- 
tons that may be selected by the user. The first print but- 
ton is marked sample and causes the sample postage la- 
bel to print when selected. This button may be selected as 
often as the user likes. The hidden frame contains the ac- 
tual shipping label with postage. The second print button 
may be selected only a certain number of times such as 
twice. When first pressed, the user is prompted to deter- 



mine whether the label was successfully printed. If not, 
the user is given one more chance to request a reprint 
within a configurable period of time. The success or fail- 
ure of the print step is logged. After two failed print at- 
tempts, the user is offered a refund. 
[0016] | n another embodiment, the system offers a refund after 
the second unsuccessful print attempt and logs the label 
identifier as an invalid identifier. If the print is successful, 
the identifier is logged as a successful identifier. The sys- 
tem occasionally receives identifiers that have been pro- 
cessed in the mail stream. If an invalid identifier is 
present, a potential fraud is reported. If a valid identifier 
enters the mail stream more than once, a potential fraud 
is reported. In an alternative, the system polls for identi- 
fiers for a period of six months from the issuance of the 

label having that identifier. 
Brief Description of Drawings 

[0017] FIG. 1 is a schematic representation of a postage dispens- 
ing system according to an illustrative embodiment of the 
present application. 

[0018] FIG. 2 is a schematic diagram representation of a postage 
dispensing transaction according to an illustrative embod- 
iment of the present application. 



[0019] FIG. 3 is a schematic representation of the logical compo- 
nents of the illustrative postage dispensing system and 
the secure data flow according to the illustrative embodi- 
ment shown in FIG. 1. 

[0020] FIG. 4 is a schematic diagram showing a process flow for 
dispensing shipping labels with postage according to an 
illustrative embodiment of the present application. 

[0021] FIG. 5 is a schematic representation of an illustrative ship- 
ping label with sample postage according to an illustrative 
embodiment of the present application. 

[0022] FIG. 6 is a schematic representation of a display showing 
an illustrative shipping label with sample postage and a 
hidden shipping label with actual postage according to an 
illustrative embodiment of the present application. 

[0023] FIG. 7 is a flow chart showing a process for dispensing a 
shipping label with postage according to an illustrative 
embodiment of the present application. 

[0024] FIG. 8 is a flow chart showing a process for logging print 
data and calculating a fraud flag ratio according to an il- 
lustrative embodiment of the present application. 
Detailed Description 

[0025] The present invention is described with reference to the 
CSO Internet Postage System. It will be understood that 



the present invention is suitable for use with any virtual 
meter system. 

[0026] As described herein, illustrative embodiments of a 

postage dispensing system are shown. In one embodi- 
ment, a postage customer uses a web browser to receive a 
markup language page having at least one visible frame 
and at least one hidden frame. In an alternative, part of 
the hidden frame could be visible to the user such that at 
least part of the hidden frame is hidden from the user. 
The visible frame contains a sample postage label and two 
print buttons that may be selected by the user. The first 
print button is marked sample and causes the sample 
postage label to print when selected. This button may be 
selected as often as the user likes. 

[0027] The hidden frame contains the actual shipping label that 
includes the actual postage indicia. The second print but- 
ton may be selected only a certain number of times such 
as twice. When first pressed, the user is prompted to de- 
termine whether the label was successfully printed. If not, 
the user is given one more chance. The success or failure 
of the print step is logged. After two failed print attempts, 
the user is offered a refund. In an alternative, the number 
of reprints is a configurable item. Additionally, the reprint 



opportunity may be offered for a configurable period of 
time such as a five-minute window. 

[0028] | n an alternative, the sample postage may be nearly iden- 
tical to the actual postage. The bar code portion of the in- 
dicia may include the actual indicia, but may be clearly 
marked as a sample or obscured in some way so as to not 
be machine-readable. For example, a sufficient amount of 
the barcode could be obscured so that it may not be read 
even using redundancy features of the barcode. 

[0029] The web page accessed by the customer may use embed- 
ded logic such as that available by using JavaScript, Active 
Server Pages (ASP) or other similar technology. The system 
includes a postage broker system that authenticates the 
postage customer and a postage provider data center 
wherein the postage broker requests postage from the 
postage provider data center. The postage provider data 
center maintains postage meters licensed to the postage 
broker for use in the brokered postage transactions. The 
postage broker system responds to a postage customer 
request for postage. 

[0030] | n fulfilling the postage/shipping label request, the 
postage broker requests postage from the postage 
provider data center. The postage broker receives the ac- 



tual postage label data and a sample postage indicia from 
the postage provider (assuming the transaction parame- 
ters are met). The label data may include indicia data 
(such as the data that is used to constitute the IBIP bar- 
code) that may be sample data or actual data depending 
on the version of the label. The label data may include a 
link to a label image, or the image file itself. 

[0031] The postage broker then uses the received label data to 
render a shipping label in a markup language file format 
to be displayed to a user as the shipping label. The 
markup file includes a link to a postage indicia generated 
by a separately located server at the postage provider data 
center. In an alternative, the CLICKSTAMP ™Online (CSO) 
system virtual postage meter server hosts the postage in- 
dicia. Alternatively, the postage provider sends the entire 
postage indicia to the postage broker directly. 

[0032] | n another alternative embodiment, the CSO system in- 
frastructure is used to host the label, but in another em- 
bodiment the front-end postage brokerage infrastructure 
hosts the label. In other alternatives, the label may be 
hosted using a separate server. 

[0033] | n a further illustrative embodiment, the postage provider 
sends indicia data to the postage broker. The postage 



broker then constructs a shipping label including the 
postage indicia barcode, tracking barcode and other in- 
formation. 

[0034] Referring to FIGs. 1-3, an illustrative infrastructure for 

printing shipping labels with postage for users in an open 
postage meter environment is described. Under the 
present invention, the end user is not required to have a 
USPS postage meter license. 

[0035] Referring to FIG. 1, a system schematic diagram of an il- 
lustrative shipping and/or postage label processing sys- 
tem 100 according to an illustrative embodiment of the 
present application is described. 

[0036] An illustrative e-commerce company xyz Co. 106 wishes 
to provide postage and/or shipping labels to its cus- 
tomers. The company 106 intends to act as a postage 
broker for its customers. The company 106 has a connec- 
tion 107 to the Internet 108 and may communicate with 
its customers using the Internet or other communications 
channels. The schematic is illustrative and a typical con- 
figuration would include several postage broker compa- 
nies 106. 

[0037] a postage provider company has a firewall 110 that filters 
Internet communications with systems from outside the 



company. A traditional virtual meter postage system in- 
cludes an online Internet postage metering system envi- 
ronment 101, such as the CSO having production redun- 
dant servers 120, and 122, key management server 126, 
meter account database 124 and load balanced by system 
114. 

[0038] a traditional heavy client CSO user 103 communicates 
through the firewall 110 to the traditional CSO environ- 
ment 101 through a load balancer 114. Several CSO 
transaction servers 120 communicate with the CSO 
database 124 and the CSO CCV (Crypto Coprocessor for a 
Virtual PSD) servers 126 using internal communications 
channels. The CSO database 124 is a database system 
available from ORACLE ® and it uses RAID storage tech- 
niques. Several report and administrative servers 122 
communicate with the CSO database 124, an administra- 
tor console 128, an Electronic Commerce Server (ECS) 
console 129 and a Remote Cash Box (RCB) terminal 127. 
The RCB terminal 127 is a cryptographic engine that is 
physically secured and ensures that messages that ap- 
prove postage refills are securely tied to mechanism that 
obtains funds and pays the Postal Authority. The ECS con- 
sole 129 provides administration of the electronic com- 



merce front-end using a Broadvis ion® platform. 
[0039] An IBDS™(lnternet Based Delivery System) environment 

102 provides a new front end to the traditional CSO envi- 
ronment 101. The IBDS Web servers 130 are connected to 
the external brokers 106 using a load balancer 111. The 
IBDS Web servers 130 are connected to the front end of 
the traditional CSO load balancer 114. The IBDS environ- 
ment 102 includes a database 160 and a data-logging 
server 162. 

[0040] The IBDS environment 102 includes IBDS Administrative 
server 164 that is used to instantiate new postage broker 
accounts and meters. The administrative server 164 is not 
accessible using the Internet. The IBDS Administrative 
server 164 provides functions including a meter setup tool 
that allows new CSO meter records to be created for a new 
postage broker 106. Additionally, the administrative 
server 164 provides a meter refill manager, an audit utility 
and fraud alerting system. Similarly, IBDS Administration 
server 164 provides additional status systems to monitor 
system performance and operational status. 

[0041] The IBDS environment 102 allows a United States Postal 
Service (USPS) Officer system 104 to have access through 
the firewall 110. The IBDS environment 102 includes a 



help desk system 118 and an internal USPS Customer Ser- 
vice Representative (CSR) web server 150. 

[0042] The IBDS environment 102 includes an IBDS Database 166 
that communicates with the ECS console 129 of the tradi- 
tional CSO environment 101. The IBDS Database 166 is a 
MICROSOFT ®SQL Server 2000 cluster running on a plat- 
form such as WINDOWS ® 2000 Advanced Server using 
RAID technology. 

[0043] The IBDS environment 102 allows one or more external 

postage brokers such as xyz Co. 106 to have access to the 
IBDS web servers 130. The postage brokers 106 may bro- 
ker postage to customers and provide access to shipping 
services by providing a shipping label with tracking num- 
ber and optional special services. Similarly, the postage 
broker may use the system for its internal postage and 
shipping needs. It will be understood that broker 106 may 
be the same entity that operates the IBDS environment 
102. 

[0044] Postage dispensing systems may be subject to fraud at- 
tacks. The systems described in the illustrative embodi- 
ments herein have several pieces of data available that 
may be logged and used for fraud detection purposes. For 
example, each digitally signed request for postage re- 



ceived from the broker is logged. Additionally, all re- 
quests/transactions are logged. The system also main- 
tains a list of successful shipping label/postage indicia 
prints and logs unsuccessful print attempts and refund 
requests. The fraud detection mechanism detects anoma- 
lies in the logged data and is described herein with refer- 
ence to FIG. 8. 

[0045] Referring to FIG. 2, a schematic diagram representation of 
an illustrative postage dispensing transaction 200 accord- 
ing to an illustrative embodiment of the present applica- 
tion is described. 

[0046] a parcel shipper uses a sendee's web browser 220 to send 
a printing request 201 to the postage broker web server 
224. The sendee's web browser 220 and postage broker 
server 224 perform authentication 202b. The postage 
broker server 224 sends a printing request 203 to the 
IBDS server 228. The postage broker server 224 and the 
IBDS server 228 perform authentication 202a. 

[0047] The IBDS server 228 sends a printing request 205 to the 
IBDS web server 234. The request/response logging func- 
tion 230 then sends a record of request 204 to the log- 
ging server 232. 

[0048] |BDS web server 234 sends a select meter request 206 to 



the IBDS meter selection and management system 236. 
The IBDS meter selection and management system 236 
sends an indicium signing request 207 to the CSO envi- 
ronment 238 (shown in FIG. 1 as 101). A signed indicium 
is sent 208 to the IBDS meter selection and management 
system 236 and then sent 209 to the IBDS dispense sys- 
tem 234, which then sends an HTML page 210 to the IBDS 
web server 228. The request/response logging function 
230 then sends a record of response 211a to the logging 
server 232. Postage label image 240 is sent from web ser- 
vice 234 to web browser 220. 
[0049] The HTML page is sent 211b to the broker web server 224 
using a secure channel 226 and then may be optionally 
modified before being sent 212 to the sendee's web 
browser 220. For example, the broker may brand the page 
using broker graphics. The HTML page may contain the 
label image 240 or may contain a link to a postage label 
image 240 stored on the IBDS dispense web server 234. 
The user then prints the HTML page using printer 222 or 
retrieves the postage label image from the link and then 
prints. 

[0050] The IBDS system comprises an authentication process that 
includes passing a printing request 203 that includes a 



unique ID that identifies a specific postage broker with an 
identifier that identifies a specific customer of the postage 
broker. Any other known authentication process may be 
used. Additionally, a transaction ID that identifies a spe- 
cific transaction is included. The transaction ID is unique 
for each request coming from one postage broker. A digi- 
tal signature including a signature of the three authenti- 
cation elements may be used. When the request reaches 
the IBDS server 228, the server performs a series of valid- 
ity checks before executing the request. If any of the 
checks fail, the IBDS server 228 will reject the request and 
send an error message to the postage broker server 224. 
The checks may include checking the request for valid pa- 
rameters including a Security header, the broker ID, a Lo- 
gin ID, a non-empty Login ID, a Transaction ID, a Trans- 
action ID that is new. The request may also be checked for 
a digital signature of the data in the request and a valid 
digital signature. 
[0051] Referring to FIG. 3, a security model according to an illus- 
trative embodiment of the present application is de- 
scribed. 

[0052] The customer system 340 includes a computer having a 
web browser 343 that includes a secure communications 



subsystem that supports SSL/TLS. Additionally, a printer 
342 is available for printing shipping labels. 

[0053] The customer system utilizes an Internet connection using 
SSL/TLS 339 to communicate with a postage broker sys- 
tem 330 of xyz Co. The broker system 330 includes a web 
server 334 that serves HTML or other markup language 
files in response to requests from user systems 340. Op- 
tionally, a postage broker application includes an address 
engine 333 that is used for address cleansing and a 
postage and/or shipping rate calculator 332 that is used 
to rate package shipping charges. The broker system 330 
utilizes an Internet connection using a VPN 329 or other 
secure channel to communicate with IBDS system 320. 

[0054] The IBDS system 320 is used to interface with a traditional 
virtual meter system 310. IBDS system 320 includes a web 
service 327 that communicates with the postage broker 
system 330 using VPN connection 329. The IBDS system 
320 also includes an audit logging system 326 for logging 
print success and other information. 

[0055] The IBDS system 320 includes a meter selection manager 
325. In traditional virtual postage meter systems, a user 
accesses the same meter account for each transaction. 
Here, a postage broker may have one or more virtual 



postage meter accounts. The meter selection manager 
325 is used to select the virtual postage meter account 
that will be utilized for a particular transaction. In one 
embodiment, if the postage broker has more than one 
meter account, the virtual postage meter account with the 
highest balance is selected. In another embodiment, the 
entire balance of one virtual postage meter account is ex- 
hausted before proceeding to the next such that a smaller 
set of meters would need to be refilled. Furthermore, 
known systems for choosing the refill amount can be uti- 
lized such as those described in commonly owned, co- 
pending U.S. Patent Application No. 09/952,543, filed 
September 14, 2001 and entitled Method And System For 
Optimizing Refill Amount For Automatic Refill Of A Shared 
Virtual Postal Meter, incorporated herein by reference. 

[0056] The postage provider system 320 includes a postage refill 
manager system 322 that manages the meter refill pro- 
cess for each postage broker. 

[0057] The postage provider system 320 includes a postage dis- 
pense request processor 324 that processes postage re- 
quests. Additionally, a postage-rendering component 323 
renders an image or other data file for inclusion in the 
shipping label. The rendered postage may include an IBIP 



indicium. As described herein, the postage-rendering 
component may render a sample indicium and an actual 
indicium. Optionally, the postage rendering component 
may reside within the postage broker system 330. The 
postage provider system 320 communicates with the tra- 
ditional virtual postage system 310 using the SSL protocol 
over network 319. Alternatively, other network topologies 
and security configurations may be utilized. For example, 
mutually authenticated SSL may be used. Additionally, an 
actual private network such as a dedicated line may be 
utilized. 

[0058] The traditional virtual postage system 310 is preferably a 
CSO system 310. The virtual postage system 310 includes 
an external interface layer 316 that interfaces with tradi- 
tional CSO users and the IBDS postage users. The system 
includes a transaction processor 317, a Virtual Postal Se- 
curity Device (VPSD) server 314 and an Electronic Com- 
merce Server (ECS) IF 315. The system includes an audit 
logging system 312 and a crypto coprocessor for virtual 
PSD (CCV) server 311. Web browser 343 is connected to 
web service 327 using secure link 345. 

[0059] The systems and subsystems here may be organized as 
different portions of an application, different applications 



on a computer or even different applications running on 
different computers. Similarly, any combination may be 
used or any known form of geographical, throughput or 
other load balancing may be used. 

[0060] Referring to FIGs. 4-7, an illustrative system and method 
for preventing duplicate printing in a web browser ac- 
cording to an illustrative embodiment of the present ap- 
plication is described. In the preferred embodiment, the 
system does not download an application to the user"s 
computer. In an alternative embodiment, a small program 
such as a Java program with the same functions described 
below that can be executed in a browser-based virtual 
machine could be utilized. 

[0061] Referring to FIG. 4, an illustrative shipping label/postage 
dispensing system 400 according to an illustrative em- 
bodiment of the present application is shown to illustrate 
a process flow for dispensing shipping labels with 
postage. 

[0062] a shipping customer system 410 is connected to xyz Co. 
postage broker system 420 using a communications 
channel 412 such as the Internet. Similarly, the customer 
system 410 is connected to the IBDS system 430 using a 
communications channel 425 such as the Internet. System 



430 is equivalent to systems 101 and 102 shown in FIG. 1. 
The Internet connections may be secured using Secure 
Socket Layer (SSL), Virtual Private Network (VPN) or other 
technologies. 

[0063] | n a typical transaction, a customer logs into a vendor site 
such as an auction e-commerce provider. The customer 
may be authenticated by the methods that the e- 
commerce auction site uses for its auction customers. The 
customer then initiates a process to purchase postage and 
to initiate a shipping transaction. A print postage request 
is sent from the customer system 410 to the xyz Co. sys- 
tem 420. The xyz Co. system 420 then verifies the desti- 
nation address and calculates the shipping rate. The des- 
tination address may be cleansed if required. The xyz Co. 
system 420 then formulates a postage dispense request 
for the IBDS system and signs the request with a private 
key. The xyz Co. system 420 then sends the request to 
the IBDS system 430. 

[0064] |BDS system 430 generates an HTML page containing a 

link to a postage label image and sends the HTML page to 
XYZ Co. system 420. XYZ Co. system 420 sends the HTML 
page to the customer system 410. Customer system 410 
may then access the postage label image stored on the 



IBDS system 430 for subsequent printing. 

[0065] Referring to FIG. 5, a markup language file representing a 
postage label file is shown displayed in a browser window 
500. The browser pull-down menus 510 and all user con- 
trol is disabled and invisible. A shipping/postage label 
print button 522 is placed in the top of the browser win- 
dow 500. A postage transaction cancel button 525 is pro- 
vided and a sample shipping/postage label print button 
524 is provided. The shipping/postage label 526 includes 
a top section 590 that includes an indicator of the class of 
service 592 and a sample indicium barcode 594. The label 
526 includes a second section 580 that includes destina- 
tion 582 and source 584 address information. The label 
526 includes a third section 560 that includes a delivery 
confirmation barcode 562 and a delivery confirmation 
number in human readable form 564. A human readable 
designation of any special service is provided 566. The la- 
bel 526 also includes a fourth section 550 that includes a 
human readable approval code 552. 

[0066] Referring to FIG. 6, a display showing an illustrative ship- 
ping label 600 with sample shipping label 626 and a hid- 
den shipping label 632 with actual postage according to 
an illustrative embodiment of the present application is 



described. The browser control bar 610 has height A and 
is disabled such that the user does not have control of 
menus, toolbars, scroll bars, and other control functions 
such as keystroke panning and right click menus. 

[0067] The visible frame 620 is not resizable and has the height 
B. The invisible frame 630 has height C. The screen is di- 
vided into a visible height D and an invisible height E. Vis- 
ible frame 620 includes a sample shipping label 626 that 
is visible. A sample print button 624 and a postage print 
button 622 are included in the visible frame. In an alter- 
native, frame 620 is a partially visible frame. 

[0068] The invisible or hidden frame 630 includes the actual 

shipping label 632 that is to be printed. The logic behind 
print button 622 causes the hidden frame 630 having 
shipping label 632 to be printed. The print button 622 
logic prompts the user to answer whether the print was 
successful. If the user does not reply, the default is an af- 
firmative answer. If the user indicates that the print was 
not successful, the user is offered the opportunity to 
reprint once. Alternatively, the number of print retries 
could be varied. As described herein, the print button 622 
logic also logs the indication of success and/or failure to 
the postage provider system 430 for fraud detection and 



other purposes such as tracking. 

[0069] since the actual and sample shipping label files may be 

stored in a GIF format, the files may be large. The files can 
be stored on the IBDS system and referenced in the HTML 
or other markup language page that is sent to the cus- 
tomer. Such a configuration provides greater throughput 
having a low time to first byte (TTFB). Additionally, less 
data is transferred between the xyz Co. system and the 
IBDS server. More data is transferred between each cus- 
tomer system and the IBDS system, but that data is dis- 
tributed over the various channels that each customer 
uses to reach the IBDS system. As soon as the customer 
responds to the successful print prompt (either answer or 
a default) the label images are removed from the server. If 
no response is received, then the label GIFs are removed 
after 5 minutes. Alternatively, another default time period 
such as 10 minutes may be used. 

[0070] Alternatively, other file formats may be utilized. The client 
may render the image of the label using an HTML or other 
link to include an image or image portions that are in dif- 
ferent formats such as BMP, TIFF, JPEG, PIX, PNG, and PCX. 

[0071] Alternatively, the buttons 622, 624 could be included in a 
blank portion of the invisible frame 630. For example, a 



portion of the invisible frame 630 would actually be visi- 
ble and contain the buttons. Accordingly, when a user se- 
lected the print buttons, the invisible frame would be the 
active frame and cross-frame control by the buttons 
would not be required. 
[0072] | n another alternative, the print button logic can be imple- 
mented using Active Server Pages (ASP) or other browser 
compatible logic such as Macromedia, Jscript, VBScript or 
other business logic language that is preferably browser 
independent. 

[0073] | n another alternative, the reprint capability could be pro- 
vided using a yes/no dialog box that is used to pop-up 
and prompt the user to reply whether the label printed 
correctly before the window is scripted to close. If the 
user indicates that the label did not print correctly, the la- 
bel will be reprinted. Optionally, a reprint notification will 
be transmitted to the postage provider server. 

[0074] in another alternative, the order of the frames may be 

switched and the hidden information may be overlapped 
at the top of the screen. Furthermore, additional hidden or 
visible frames may be added. 

[0075] The IBDS system may provide templates and/or API to the 
postage broker for development of the customer pages. 



Alternatively, the postage broker may design a web page 
for the end-user"s machine that meets the above con- 
straints. The web page to be created in a new browser 
window on the user"s computer has all menus, toolbars, 
scrollbars and status bars removed from the browser win- 
dow implementation. Keystroke panning and any other 
user control such as window resizing is also disabled. 
Such a browser window is said to be secure as the user is 
unable to change any of the settings. 

[0076] a sample label is rendered in a visible frame with a corre- 
sponding usable label in a hidden frame. A print button in 
the visible frame initiates the print dialog box, but the 
target is the invisible frame. After printing the window is 
scripted to close. 

[0077] Referring to FIG. 7, a method for printing a shipping label 
with postage 700 according to an illustrative embodiment 
of the present application is described. 

[0078] | n s tep 710, the user, through shipping customer system 
410 indicates a desire to print a shipping/postage label to 
a postage broker system 420. In step 720, the postage 
broker system 420 sends a request to the IBDS system 
430 after authenticating the user. In step 725, the IBDS 
system 430 provides the data required to create a new se- 



cure window having a postage indicia. This information 
may be sent directly to the user or to the postage broker 
and then forwarded to the user. In step 730, the user 
computer 410 renders a new secure browser window hav- 
ing a visible frame and print buttons as described herein 
and wherein the real image is hidden. In step 740, the 
user selects the print button. In step 750, the JavaScript 
code prints the actual shipping label with postage from 
the hidden frame. In step 755, the user indicates whether 
or not the shipping label with postage printed legibly. If 
yes, the secure window is closed in step 760. 
[0079] if the user indicates that the label did not print properly, 
another attempt to print the label is made at step 770. At 
step 780, the user indicates whether or not the reprint at- 
tempt was successful. If yes, the secure window is closed 
at step 760. If no, an error is logged and the problem in- 
vestigated at step 790. The secure window is then closed 
at step 760. 

[0080] | n an alternative, the secure window is available only for a 
period of time such as five minutes. Accordingly, the 
reprint request must be initiated within the five-minute 
time window in order to be processed. In another alterna- 
tive, a reprint request after that period of time initiates a 



new shipping label transaction with a new identifier. 
[0081] The URI, URL or other identifier used to locate the label or 
label data may include a relatively long URL so that it 
could not be guessed in a reasonable amount of time. In 
an alternative, a session identifier or other known user ac- 
cess scheme may be used to password protect the URL lo- 
cation that is hosting the label. In one embodiment, the 
label is hosted in a GIF file that is not encrypted. Accord- 
ingly, as long as the GIF is publicly available for a short 
time using a URL that is long and difficult to guess, the 
user information (e.g., name and address) should not be 
vulnerable. 

[0082] Alternatively, the GIF may be made available to only re- 
quests coming from certain IP Addresses. For example, 
the IP Addresses from which all requests are received 
would be logged. Accordingly, if an unreasonable number 
of requests were received from a single IP address, that IP 
Address could be identified as a hostile IP Address being 
used by someone fishing for labels. Such addresses could 
be denied access. Additionally, should an attacker poll an 
unreasonable number of label address that do not exist 
(one may be unreasonable), that IP Address could be 
logged, locked out and later investigated for potential 



fraud. 

[0083] a dispense postage function request includes a postage 
broker identifier, a transaction identifier and a message 
signature. Here, the combination of postage broker iden- 
tifier and transaction identifier should be unique over at 
least a certain time period. For example, in an online auc- 
tion environment, an auction transaction identifier could 
be used as the postage request transaction identifier so 
that the underlying transaction and the postage transac- 
tion are associated. 

[0084] Referring to FIG. 8, a process for logging print data and 
calculating a fraud flag ratio according to an illustrative 
embodiment of the present application is shown. In one 
embodiment, a customer could be trusted not to commit 
fraud in a refund request. For example, if the postage la- 
bel printed incorrectly twice, the customer would be 
charged for postage that was not used. The customer 
would then have to request a postage refund. However, in 
a preferred embodiment, tracking information is used in 
determining whether to honor a refund request. Alterna- 
tively, the refund request may be honored and data col- 
lected for later use to detect any fraud. 

[0085] The fraud detection process starts in step 810. In step 



812, the process determines if it has received a print out- 
come response from the end user browser in the allotted 
amount of time. If not, the process proceeds to step 814 
and logs the default response that notes that no response 
was received, but proceeds to step 838 to log a default 
print successful indication. If a response was received, the 
process proceeds to step 816. In step 816, the process 
determines if the print was successful. If so, the process 
also proceeds to step 838 to log a successful print. If the 
indication shows that the print was not successful, the 
process proceeds to step 818 and logs the unsuccessful 
print attempt. In step 820, the process offers the user a 
chance to reprint the shipping label. 

[0086] | n s tep 822, the process again polls the user in order to 
determine whether the reprint was successful. 

[0087] | n an alternative, a method for detecting fraud by a user of 
a shipping label having an identifier is described. The sys- 
tem receives a print success indicator for the shipping la- 
bel. It also receives a list of identifiers used in a shipping 
stream. If the print success indicator is negative, the sys- 
tem reports a potential fraud if the indicator is present in 
the list of identifiers. If the print success indicator is posi- 
tive, the system reports a potential fraud if the indicator is 



present at least twice in the list of identifiers. In an alter- 
native, the list of identifiers is received periodically such 
as daily, weekly, monthly or bi-yearly. In another alterna- 
tive, the list of identifiers comprise identifiers recognized 
for a period of time such as the prior six months or other 
period. 

[0088] The system reports a potential fraud if an identifier having 
a successful print indicator is not recognized within an 
expected package period such as one day, one week, one 
month or six months. 

[0089] | n an alternative, the embodiments described herein are 
used instead with one or more types of transportation 
items such as items that can be tracked such as mail 
pieces including but not limited to shipping label items, 
envelopes, post cards, postage labels, labels and pack- 
ages. The identifiers used include one or more sets of 
unique or psuedo-unique identifiers. For example, the set 
or sets of identifiers could be selected from the planet 
code, delivery confirmation number, IBI indicium, the 
combination of a piece count and permit number, and the 
combination of a meter number and ascending register. 
The identifier set type could be used to distinguish be- 
tween similar identifiers from different sets. Accordingly, 



the alternative system may use only the IBI indicium as an 
identifier. However, the system may also use the IBI indi- 
cium and planet codes in a dual identifier set solution. 

[0090] The above embodiments have been described using 

postage dispensing as an illustrative application. In alter- 
native embodiments, the embodiments described herein 
may be used to control the printing of items of such as 
tickets and other items of value. Furthermore, articles and 
reports with controlled distribution may be dispensed us- 
ing embodiments described herein. Documents of value 
such as a ticket, receipt, article, report, financial instru- 
ment and contract can be controlled. Additionally, the 
sample and actual frames do not necessarily require in- 
cluding the same item or information. For example, an ar- 
ticle abstract could be sent to a visible frame and the en- 
tire article could be sent to the non-viewable frame por- 
tion to be printed only if purchased. 

[0091] Co-pending, commonly owned U.S. Patent Application 
No.: TBD, filed herewith, is entitled System And Method 
For Preventing Duplicate Printing In A Web Browser 
(attorney docket no. F-684-01) and is incorporated 
herein by reference in its entirety. 

[0092] Co-pending, commonly owned U.S. Patent Application 



No.: TBD, filed herewith, is entitled Systems and Methods 
for Facilitating Refunds of Unused Postage (attorney 
docket no. F-775) and is incorporated herein by reference 
in its entirety. 

[0093] The present application describes illustrative embodi- 
ments of a system and method for providing funds ac- 
counting including postage brokerage, payment and fraud 
detection. The embodiments are illustrative and not in- 
tended to present an exhaustive list of possible configu- 
rations. Where alternative elements are described, they 
are understood to fully describe alternative embodiments 
without repeating common elements whether or not ex- 
pressly stated to so relate. Similarly, alternatives de- 
scribed for elements used in more than one embodiment 
are understood to describe alternative embodiments for 
each of the described embodiments having that element. 

[0094] The described embodiments are illustrative and the above 
description may indicate to those skilled in the art addi- 
tional ways in which the principles of this invention may 
be used without departing from the spirit of the invention. 
Accordingly, the scope of each of the claims is not to be 
limited by the particular embodiments described. 



